AMENDMENTS TO THE CLAIMS 



1. (Currently amended) A method of preventing an attack on a network, the method 
comprising the computer-implemented steps of: 

receiving a request to access a resource from a user, wherein the request includes an 

accumulated work value; 
determining whether the accumulated work value exceeds a required work threshold 

value, and if not, selectively requiring the user to perform a quantity of work as a 

condition for accessing the resource; 
providing the user with access to the resource; 

determining an amount of accumulated work output value to provide to the user based on 

a volume of data communicated between the resource and the user; and 
providing the accumulated work output value to the user. 

2. (Original) A method as recited in Claim 1, wherein the request includes a prior user 
identity value and a current user identity value, and further comprising the steps of determining 
whether a mathematical relationship of the current user identity value and the prior user identity 
value indicates that the user has possession of a resource secret. 

3. (Original) A method as recited in Claim 1, further comprising the steps of: 
receiving a prior keyless user identity value H(i-i-l,x) in the request comprising a one- 
time password, wherein H(i-i-l,x) is computed by the user as a hash chain from a 
non-shared user secret (x), wherein H(n,x)= h(H(n-l,x)), wherein n > 0 and 
H(0,x) = X, wherein function h is a one-way function that is difficult to invert; 

receiving a current user identity value H(i,x); 

verifying that the keyless user identity value properly identifies the user only upon 
determining that h(H(i,x)) == H(i+l,x). 

4. (Original) A method as recited in Claim 3, wherein h comprises a SHA-1 hash 
algorithm. 
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5. (Currently amended) A method as recited in Claim 3, wherein n is approximately 
between 10^4 and 10^6 . 



6. (Original) A method as recited in Claim 1, further comprising the step of determining 
the required work threshold value based on a then-current capacity of the resource. 

7. (Original) A method as recited in Claim 1, further comprising the steps of: 
determining the required work threshold value based on a then-current capacity of the 

resource; 

requiring a first user who has an accumulated work value that is greater than the required 
work threshold value to perform a first amount of work as a condition for 
accessing the resource; and 

requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perform a second amount of work as a 
condition for accessing the resource, wherein the second amount of work is 
greater than the first amount of work. 

8. (Original) A method as recited in Claim 1, wherein the step of determining an 
amount of accumulated work output value is performed for a specified user only during a 
specified time period in which accumulating work is allowed for that specified user. 

9. (Original) A method as recited in Claim 1, wherein the step of determining an 

amount of accumulated work output value is performed for a specified user only if the cuixent 
user identity value received from the user is not found in a list of user identity values that were 
previously received in a specified time period. 

10. (Original) A method as recited in Claim 1, further comprising the step of digitally 
signing and providing a timestamp to the user with the accumulated work output value, and 
wherein the step of determining an amount of accumulated work output value is performed for a 
specified user only upon: 

receiving the timestamp is received in a subsequent request; 
verifying the timestamp value; and 
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determining that the timestamp value is within an allowed range. 

11. (Original) A method as recited in Claim 1, further comprising the step of receiving 
the accumulated proof of work value, a prior user identity value and a current user identity value 
in a cookie provided by the user to the resource. 

12. (Original) A method as recited in Claim 1, wherein determining an amount of 
accumulated work output value to provide to the user based on a volume of data communicated 
between the resource and the user comprises determining the amount of accumulated work as 
2^k * p, where k is a number of bits of work previously performed by the user and p is a number 
of messages or packets conmiunicated between the user and the resource. 

13. (Original) A method as recited in Claim 1, further comprising the step of providing 
the accumulated work output value in a cookie sent from the resource to the user. 

14. (Original) A method as recited in Claim 1, further comprising the step of selectively 
increasing the required work threshold value for a particular user in response to congestion 
conditions of the resource. 

15. (Original) A method as recited in Claim 1, wherein requiring the user to perform a 
quantity of work as a condition for accessing the resource comprises requiring the user to hash a 
message until a specified number of bits are zero. 

16. (Currently amended) A method of preventing an attack on a network, the method 
comprising tfee-computer-implemented steps of: 

receiving a request to access a resource from a user, wherein the request includes an 
accumulated work value that represents work that the resource has previously 
required the user to perform in order to obtain previous access to the resource; 

determining whether the accumulated work value exceeds a required work threshold 
value; and 

providing the user with access to the resource only when the accumulated work value 
exceeds a required work threshold value. 
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17. (Currently amended) An apparatus for preventing an attack on a network , comprising 
means for performing any of the functions recited in any of the steps of Claims 1 . 2. 3. 4 . 5, 6, 7, 
8, 9, 10, II, 12, 13, 1 4 , 15, or 16 r eceiving a request to access a resource from a user, wherein the 
request includes an accumulated work value: means for determining whether the accumulated 
work value exceeds a required work threshold value, and if not, selectively requiring the user to 
perform a quantity of work as a condition for accessing the resource; means for providing the 
user with access to the resource; means for determining an amount of accumulated work output 
value to provide to the user based on a volume of data communicated between the resource and 
the user; and means for providing the accumulated work output value to the user . 

18. (Currently amended) An apparatus for preventing an attack on a network , comprising: 
a processor; 

one or more stored sequences of instructions that are accessible to the processor and 

which, when executed by the processor, cause the processor to carry out the steps 
of any of Claims 1. 2. 3. 4 . 5. 6. 7. 8 . 9. 10. 11. 12. 13. 1 4 . 15. or 16 perform: 

receiving a request to access a resource from a user, wherein the request includes an 
accumulated work value; 

determining whether the accumulated work value exceeds a required work threshold 

value, and if not, selectively requiring the user to perform a quantity of work as a 
condition for accessing the resource; 

providing the user with access to the resource; 

determining an amount of accumulated work output value to provide to the user based on 

a volume of data communicated between the resource and the user: and 
providing the accumulated work output value to the user . 

19. (Currently amended) A computer-readable storage medium carrying storing one or more 
sequences of instructions for preventing an attack on a network , wherein execution of the 
one or more sequences of instructions by one or more processors causes the one or more 
processors to perfor m the stops of any of Claims 1, 2, 3, 4 , 5, 6, 7, 8, 9, 10, 11, 12, 13, 1 4 , 
15, or 16 : 
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receiving a request to access a resource from a user, wherein the request includes an 
accumulated work value; 

determining whether the accumulated work value exceeds a required work threshold 

value, and if not, selectively requiring the user to perform a quantity of work as a 
condition for accessing the resource; 

providing the user with access to the resource; 

determining an amount of accumulated work output value to provide to the user based on 

a volume of data communicated between the resource and the user; and 
providing the accumulated work output value to the user . 

20. (New) The computer-readable storage medium of claim 19, wherein the request includes 
a prior user identity value and a current user identity value, and further comprising 
instructions which when executed by the one or more processors cause determining 

whether a mathematical relationship of the current user identity value and the prior user 
identity value indicates that the user has possession of a resource secret. 

21. (New) The computer-readable storage medium of claim 19, further comprising 
instructions which when executed by the one or more processors cause: 

determining the required work threshold value based on a then-current capacity of the 
resource; 

requiring a first user who has an accumulated work value that is greater than the required 
work threshold value to perform a first amount of work as a condition for 

accessing the resource; and 
requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perfomi a second amount of work as a 
condition for accessing the resource, wherein the second amount of work is 
greater than the first amount of work. 

22. (New) The computer-readable storage medium of claim 19, wherein the instructions for 
determining an amount of accumulated work output value are performed for a specified user only 
if the current user identity value received from the user is not found in a list of user identity 
values that were previously received in a specified time period. 
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23. (New) The computer-readable storage medium of claim 19, further comprising 
instructions which when executed by the one or more processors cause digitally signing and 
providing a timestamp to the user with the accumulated work output value, and wherein the 
instructions for determining an amount of accumulated work output value are performed for a 
specified user only upon: 

receiving the timestamp is received in a subsequent request; 
verifying the timestamp value; and 

determining that the timestamp value is within an allowed range. 

24. (New) The apparatus of Claim 17, wherein the request includes a prior user identity 
value and a current user identity value, and further comprising means for determining whether a 
mathematical relationship of the current user identity value and the prior user identity value 
indicates that the user has possession of a resource secret. 

25. (New) The apparatus of Claim 17, further comprising: 

means for determining the required work threshold value based on a then-current capacity 
of the resource; 

means for requiring a first user who has an accumulated work value that is greater than 

the required work threshold value to perform a first amount of work as a condition 
for accessing the resource; and 

means for requiring a second user who has an accumulated work value that is less than or 
equal to the required work threshold value to perform a second amount of work as 
a condition for accessing the resource, wherein the second amount of work is 
greater than the first amount of work. 

26. (New) The apparatus of Claim 17, wherein means for determining an amount of 
accumulated work output value is operable for a specified user only if the current user identity 
value received from the user is not found in a list of user identity values that were previously 
received in a specified time period. 

27. (New) The apparatus of Claim 17, further comprising means for digitally signing and 
providing a timestamp to the user with the accumulated work output value, and wherein the 
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means for determining an amount of accumulated work output value is operable for a specified 
user only upon: 

receiving the timestamp is received in a subsequent request; 

verifying the timestamp value; and 

determining that the timestamp value is within an allowed range. 

28. (New) The apparatus of Claim 18, wherein the request includes a prior user identity 
value and a current user identity value, and further comprising instructions which when executed 
by the processor cause determining whether a mathematical relationship of the current user 
identity value and the prior user identity value indicates that the user has possession of a resource 
secret. 

29. (New) The apparatus of Claim 18, further comprising instructions which when executed 
by the processor cause: 

determining the required work threshold value based on a then-current capacity of the 
resource; 

requiring a first user who has an accumulated work value that is greater than the required 
work threshold value to perform a first amount of work as a condition for 
accessing the resource; and 

requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perform a second amount of work as a 
condition for accessing the resource, wherein the second amount of work is 
greater than the first amount of work. 

30. (New) The apparatus of Claim 18, wherein the instructions for determining an amount of 
accumulated work output value are performed for a specified user only if the current user 
identity value received from the user is not found in a list of user identity values that were 
previously received in a specified time period. 

31. (New) The apparatus of Claim 18, further comprising instructions which when executed 
by the processor cause digitally signing and providing a timestamp to the user with the 
accumulated work output value, and wherein instructions for determining an amount of 
accumulated work output value is performed for a specified user only upon: 
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receiving the timestamp is received in a subsequent request; 
verifying the timestamp value; and 

determining that the timestamp value is within an allowed range. 
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